patch-apk
patch-apk copied to clipboard
NickstaDB
Trying Zoom - Rebuild error
I tried your script with Zoom.
This is the result:
python3 patch-apk.py us.zoom.videomeetings --disable-styles-hack Getting APK path(s) for package: us.zoom.videomeetings [+] APK path: /data/app/us.zoom.videomeetings-pLtte_mmE_HaDIwoGTLDsg==/base.apk [+] APK path: /data/app/us.zoom.videomeetings-pLtte_mmE_HaDIwoGTLDsg==/split_config.arm64_v8a.apk [+] APK path: /data/app/us.zoom.videomeetings-pLtte_mmE_HaDIwoGTLDsg==/split_config.xxhdpi.apk
Pulling APK file(s) from device. [+] Pulling: us.zoom.videomeetings-base.apk [+] Pulling: us.zoom.videomeetings-split_config.arm64_v8a.apk [+] Pulling: us.zoom.videomeetings-split_config.xxhdpi.apk
App bundle/split APK detected, rebuilding as a single APK.
Extracting individual APKs with apktool. [+] Extracting: /tmp/tmp7d98bqqo/us.zoom.videomeetings-base.apk Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true [+] Extracting: /tmp/tmp7d98bqqo/us.zoom.videomeetings-split_config.arm64_v8a.apk Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true [+] Extracting: /tmp/tmp7d98bqqo/us.zoom.videomeetings-split_config.xxhdpi.apk Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
Copying files and directories from split APKs into base APK.
Found public.xml in the base APK, fixing resource identifiers across split APKs. [+] Resolving 516 resource identifiers. [+] Located 516 true resource names. [+] Updated 516 dummy resource names with true names in the base APK. [+] Updated 1361 references to dummy resource names in the base APK.
Disabling APK splitting in AndroidManifest.xml of base APK.
Rebuilding as a single APK. [+] Building APK with apktool. Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true W: /tmp/tmp7d98bqqo/us.zoom.videomeetings-base/AndroidManifest.xml:4: error: Error: No resource found that matches the given name (at 'icon' with value '@drawable/APKTOOL_DUMMY_4ff'). W: W: /tmp/tmp7d98bqqo/us.zoom.videomeetings-base/AndroidManifest.xml:5: error: Error: No resource found that matches the given name (at 'icon' with value '@drawable/APKTOOL_DUMMY_4ff'). W: W: /tmp/tmp7d98bqqo/us.zoom.videomeetings-base/AndroidManifest.xml:49: error: Error: No resource found that matches the given name (at 'icon' with value '@drawable/APKTOOL_DUMMY_4ff'). W: W: /tmp/tmp7d98bqqo/us.zoom.videomeetings-base/AndroidManifest.xml:58: error: Error: No resource found that matches the given name (at 'icon' with value '@drawable/APKTOOL_DUMMY_4ff'). W: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/tmp/brut_util_Jar_14857187209732719201.tmp, p, --forced-package-id, 127, --min-sdk-version, 21, --target-sdk-version, 29, --version-code, 46013, --version-name, 4.6.20553.0413, --no-version-vectors, -F, /tmp/APKTOOL8864388319270289170.tmp, -e, /tmp/APKTOOL367080311237978568.tmp, -0, arsc, -I, /home/mike/.local/share/apktool/framework/1.apk, -S, /tmp/tmp7d98bqqo/us.zoom.videomeetings-base/res, -M, /tmp/tmp7d98bqqo/us.zoom.videomeetings-base/AndroidManifest.xml] Error: Failed to run 'apktool b /tmp/tmp7d98bqqo/us.zoom.videomeetings-base'. Run with --debug-output for more information.
Thanks for your work. Maybe you can look into this.
Cheers!
Hi @shellshocker, thanks for reporting this.
I've pushed an updated script to the debug/zoom branch. This version can rebuild Zoom as a single APK and patch it with objection, and I'm able to run objection explore to connect to the agent, but the app bombs out after warning about being run on a rooted device. At this point I'm not sure whether this is the result of a broken rebuild or whether the app has some anti-debug/anti-patching measures in place.
If you get a chance to investigate further let me know, or if you've had any success manually patching this one it would be useful to know how you achieved that.
@NickstaDB
Hmm I used the updated version. But it's not working for me. Maybe you can integrate an option to disable patching with objection?
Patching us.zoom.videomeetings-base.apk with objection. Traceback (most recent call last): File "/usr/local/bin/objection", line 10, in
sys.exit(cli()) File "/usr/lib/python3/dist-packages/click/core.py", line 764, in call return self.main(*args, **kwargs) File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main rv = self.invoke(ctx) File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke return _process_result(sub_ctx.command.invoke(sub_ctx)) File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke return ctx.invoke(self.callback, **ctx.params) File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke return callback(*args, **kwargs) File "/home/mike/.local/lib/python3.8/site-packages/objection/console/cli.py", line 366, in patchapk patch_android_apk(**locals()) File "/home/mike/.local/lib/python3.8/site-packages/objection/commands/mobile_packages.py", line 192, in patch_android_apk patcher.extract_native_libs_patch() File "/home/mike/.local/lib/python3.8/site-packages/objection/utils/patchers/android.py", line 457, in extract_native_libs_patch xml = self._get_android_manifest() File "/home/mike/.local/lib/python3.8/site-packages/objection/utils/patchers/android.py", line 282, in _get_android_manifest return ElementTree.parse(os.path.join(self.apk_temp_directory, 'AndroidManifest.xml')) File "/usr/lib/python3.8/xml/etree/ElementTree.py", line 1202, in parse tree.parse(source, parser) File "/usr/lib/python3.8/xml/etree/ElementTree.py", line 595, in parse self._root = parser._parse_whole(source) xml.etree.ElementTree.ParseError: not well-formed (invalid token): line 1, column 0 Error: Failed to run 'objection patchapk --skip-resources -s /tmp/tmptuia2pba/us.zoom.videomeetings-base/dist/us.zoom.videomeetings-base.apk'. Run with --debug-output for more information.
If you run the original zoom package on a rooted device you can ignore the warning and use the app just fine.
@NickstaDB
Hmm I used the updated version. But it's not working for me. Maybe you can integrate an option to disable patching with objection?
Run patch-apk --save-apk FILENAME to save a copy of the single APK prior to patching with objection.
@NickstaDB
If i execute:
./patch-apk.py us.zoom.videomeetings --save-apk us.zoom.one.apk
Output:
Saving a copy of the APK to us.zoom.one.apk
Traceback (most recent call last): File "./patch-apk.py", line 626, in
main() File "./patch-apk.py", line 35, in main shutil.copy(apkfile, args.save_apk) File "/usr/lib/python3.8/shutil.py", line 415, in copy copyfile(src, dst, follow_symlinks=follow_symlinks) File "/usr/lib/python3.8/shutil.py", line 261, in copyfile with open(src, 'rb') as fsrc, open(dst, 'wb') as fdst: PermissionError: [Errno 13] Permission denied: 'us.zoom.one.apk'
If I execute:
sudo ./patch-apk.py us.zoom.videomeetings --save-apk us.zoom.one.apk
Output is:
Saving a copy of the APK to us.zoom.one.apk
Patching us.zoom.videomeetings-base.apk with objection. Traceback (most recent call last): File "/usr/local/bin/objection", line 6, in
from objection.console.cli import cli ModuleNotFoundError: No module named 'objection' Error: Failed to run 'objection patchapk --skip-resources -s /tmp/tmp14fk0ks1/us.zoom.videomeetings-base/dist/us.zoom.videomeetings-base.apk'. Run with --debug-output for more information.
@shellshocker
These are issues with your environment now. The first error is because the path you provided to --save-apk is not writable. There's no need to run patch-apk via sudo.
The second error is because objection is not available under under the sudo environment.
Thanks @NickstaDB. It worked. I have one apk now. But the problem you described still exists:
I'm able to run objection explore to connect to the agent, but the app bombs out after warning about being run on a rooted device. At this point I'm not sure whether this is the result of a broken rebuild or whether the app has some anti-debug/anti-patching measures in place.
Hmmm. Maybe broken or anti-tampering.
Glad you've got a single APK now @shellshocker!
Let me know if you manage to make any progress on this one and if not I'll have a look when I get a chance. Possible leads for investigating further might be to check adb logcat output to see if an exception is causing the app to bomb out; or using early instrumentation with objection (using the --startup-command parameter) to work out what methods are being called prior to bombing out and whether there's some anti-tamper stuff going on.
I was just trying to patch Zoom for interest. Again, I get an error. Is it because of my environment? ApkTool is up to date (2.4.1).
W: /var/folders/xy/trzzh9hs09j7mzn5zs1zh5br0000gp/T/tmpartma8m0/us.zoom.videomeetings-base/AndroidManifest.xml:45: error: No resource identifier found for attribute 'hasFragileUserData' in package 'android' W: W: /var/folders/xy/trzzh9hs09j7mzn5zs1zh5br0000gp/T/tmpartma8m0/us.zoom.videomeetings-base/AndroidManifest.xml:560: error: No resource identifier found for attribute 'foregroundServiceType' in package 'android' W: brut.androlib.AndrolibException: brut.common.BrutException: could not exec (exit code = 1): [/var/folders/xy/trzzh9hs09j7mzn5zs1zh5br0000gp/T/brut_util_Jar_5302390019765492485.tmp, p, --forced-package-id, 127, --min-sdk-version, 21, --target-sdk-version, 29, --version-code, 50006, --version-name, 5.0.26211.0602, --no-version-vectors, -F, /var/folders/xy/trzzh9hs09j7mzn5zs1zh5br0000gp/T/APKTOOL7873375531166208241.tmp, -e, /var/folders/xy/trzzh9hs09j7mzn5zs1zh5br0000gp/T/APKTOOL1066246439686034802.tmp, -0, arsc, -I, /Users/korbinianmifka/Library/apktool/framework/1.apk, -S, /var/folders/xy/trzzh9hs09j7mzn5zs1zh5br0000gp/T/tmpartma8m0/us.zoom.videomeetings-base/res, -M, /var/folders/xy/trzzh9hs09j7mzn5zs1zh5br0000gp/T/tmpartma8m0/us.zoom.videomeetings-base/AndroidManifest.xml] Error: Failed to run 'apktool b /var/folders/xy/trzzh9hs09j7mzn5zs1zh5br0000gp/T/tmpartma8m0/us.zoom.videomeetings-base'. Run with --debug-output for more information.
Hi @kmifka, I've just patched Zoom myself but I'm using apktool 2.4.2-SNAPSHOT. Try building apktool from the latest sources. You may also need to modify the build.gradle of apktool to change the line def apktoolversion_minor = 'SNAPSHOT'; to def apktoolversion_minor = '';. Verify that apktool -version outputs "2.4.2" then if you still have an issue let me know.